Snort

Revision as of 08:37, 29 January 2025 by Robert

Beta Feature

This feature is still in active development and is therefore subject to changes in the future. There may be bugs or unexpected behavior when using this feature.

Version 4.3.0 of the Allegro Network Multimeter introduced Snort as a new capture method for network traffic. Similar to the Webshark analysis, this capture mode does not produce raw packets, but instead sends them to another tool for further processing. With Snort, the user can conveniently analyze the traffic in their network for potential attacks or intrusions, both live and retroactively.

Configuration

For Snort to function properly, it needs to be configured. The multimeter comes pre-equipped with the community ruleset, which provides a basic set of rules covering the most well-known and common attacks in a network. Note that Allegro Packets currently provides no updates for this ruleset; the user is expected to keep their ruleset up to date themselves.

All configurations of the Snort analysis are done via the Global Settings, under Generic Settings > Snort analysis.

Configuring Snort